CVE-2025-66376MEDIUM 6.1CISA KEVEPSS p95.6%
CVE-2025-66376Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
Synacor / Zimbra Collaboration Suite (ZCS)
Description
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML.
Scoring
| CVSS 3.1 | 6.1 (MEDIUM) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| EPSS | 12.01% probability of exploitation · percentile 95.6% · 2026-06-18T12:00:27Z |
| Published | 2026-01-05 |
| Last modified | 2026-03-18 |
CISA KEV entry
Added to KEV: 2026-03-18
Underlying weaknesses· 1
References
- https://wiki.zimbra.com/wiki/Security_Center
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.18#Security_Fixes
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.13#Security_Fixes
- https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-66376
1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')cwe-79 | 0% | live |
(incoming)1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerabilitykev-cve-2025-66376 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.